Archives for August 2019

I’ve written before about the paradox of hiring managers not being able to find entry-level cybersecurity candidates, while many people with decent training or even degrees in the field cannot get hired. As it turns out, it’s not really that hard to explain. The Military takes you from zero to hero. In extremely large and long-term-focused organizations—like the…

As I talk about in my article on Red, Blue, and Purple Teams, there are many advocating for other team types beyond just those colors. See my article on the different Security Assessment Types. In April Wright’s work—who appears to have started the idea of these alternative team colors—the new ones look like this. Yellow: Builder Green: Builder…

Protestors in Hong Kong are physically attacking and destroying facial recognition cameras. Palo Alto says 7 out of 10 new domain registrations (NDRs) are either malicious or not safe for work, and they encourage companies to block them. …

I was thinking the other day that complaining about being a crime victim in San Francisco is an act of privilege. I’m not talking about crime against other people that are struggling here. I don’t say that to complain about it, but rather to marvel at it. It’s not that I think it shouldn’t be true—it’s just that…

I like to update my Vim configuration every 2-5 years just to make sure I am working with the latest and greatest version of Vim and that I’m doing things efficiently. Check out my full Vim Tutorial The last few upgrades I’ve been focused on one thing: simplicity. In my previous cycle that meant moving from Vim 7.x…

I’ve been looking for a sleep-tracking solution for several years, but hadn’t been able to find anything. I was thinking about getting a sensor that goes under the sheet on the bed, but those seemed kludgy. And the wearables I’d seen thus far didn’t feel ready. But after hanging out with my buddy Mike Dahn recently I saw…

There are some seriously nasty Windows RDP bugs out there. If you have RDP facing the internet, make sure you’re patched. And try to get to VPN as soon as possible.

A huge survey of firmware security has found virtually no improvement over the last 15 years. People seem surprised by this, but it is exactly what I would have predicted based on my analysis here. Basically, for most people not in the industry, our current state is actually fine.

I’m reading an extraordinary book right now, called Range: Why Generalists Triumph in a Specialized World. As you may infer, it’s about the advantages that generalists have over specialists, and how those advantages are increasing. I think one of the most interesting things the book has done for me is show me how grit can have a downside.…

The terms intelligence, information, and data are thrown around pretty loosely in most tech circles, and this inevitably leads to people confusing and/or conflating them. What follows is a simple explanation of how the related terms are different from each other, and how they work together. Let’s get into it. Sand, pebble, boulder. Data are raw, individual, and…